I've been following this tutorial by phpacademy on OOP Login and Register functions and I cant seem to be able to get the remember me function to work. I think the problem is that $user-> login(); doesnt pass any data but i cant seem to be able to fix it.
and here is a part of my init.php
if (Cookie::exists(Config::get('remember/cookie_name')) && !Session::exists(Config::get('session/session_name'))) {
$hash = Cookie::get(Config::get('remember/cookie_name'));
$hashCheck = DB::getInstance()->get('users_session', array('hash', '=', $hash));
if ($hashCheck->count()) {
$user = new User($hashCheck->first()->user_id);
$user-> login();
}
}
this is my User.php file
public function login($username = null, $password= null, $remember = false) {
if (!$username && !$password && $this->exists()) {
//problematic if statement removing $this->exists() gives me the error 'Trying to get property of non-object'
Session::put($this->_sessionName, $this->data()->id);
} else {
$user = $this->find($username);
if ($user) {
if ($this->data()->password === Hash::make($password, $this->data()->salt)) {
Session::put($this->_sessionName, $this->data()->id);
if ($remember) {
$hash = Hash::unique();
$hashCheck = $this->_db->get('users_session', array('user_id', '=', $this->data()->id));
if (!$hashCheck->count()) {
$this->_db->insert('users_session', array(
'user_id' => $this->data()->id,
'hash' => $hash
));
} else {
$hash = $hashCheck->first()->hash;
}
Cookie::put($this->_cookieName, $hash, Config::get('remember/cookie_expiry'));
}
return true;
}
}
}
return false;
}
public function exists() {
return (!empty($this->_data)) ? true : false;
}
These (partial)files work for me:
init.php:
if(Cookie::exists(Config::get('remember/cookie_name')) && !Session::exists(Config::get('session/session_name'))) {
$hash = Cookie::get(Config::get('remember/cookie_name'));
$hashCheck = DB::getInstance()->get('users_session', array('hash', '=', $hash));
if($hashCheck->count()) {
$user = new User($hashCheck->first()->user_id);
$user->login();
}
}
User.php: (the complete file I have)
<?php
class User {
private $_db,
$_data,
$_sessionName,
$_cookieName,
$_isLoggedIn;
public function __construct($user = null) {
$this->_db = DB::getInstance();
$this->_sessionName = Config::get('session/session_name');
$this->_cookieName = Config::get('remember/cookie_name');
if(!$user) {
if(Session::exists($this->_sessionName)) {
$user = Session::get($this->_sessionName);
if($this->find($user)) {
$this->_isLoggedIn = true;
} else {
}
}
} else {
$this->find($user);
}
}
public function update ($fields = array(), $id = null) {
if(!$id && $this->isLoggedIn()) {
$id = $this->data()->id;
}
if(!$this->_db->update('users', $id, $fields)) {
throw new Exception('There was a problem updating');
}
}
public function create($fields) {
if(!$this->_db->insert('users', $fields)) {
throw new Exception('There was a problem creating an account');
}
}
public function find($user = null) {
if($user) {
$field = (is_numeric($user)) ? 'id' : 'username';
$data = $this->_db->get('users', array($field, '=', $user));
if($data->count()) {
$this->_data = $data->first();
return true;
}
}
return false;
}
public function login($username = null, $password = null, $remember = false) {
if(!$username && !$password && $this->exists()) {
Session::put($this->_sessionName, $this->data()->id);
} else {
$user = $this->find($username);
if($user) {
if($this->data()->password === Hash::make($password, $this->data()->salt)) {
Session::put($this->_sessionName, $this->data()->id);
if($remember) {
$hash = Hash::unique();
$hashCheck = $this->_db->get('users_session', array('user_id', '=', $this->data()->id));
if(!$hashCheck->count()) {
$this->_db->insert('users_session', array(
'user_id' => $this->data()->id,
'hash' => $hash
));
} else {
$hash = $hashCheck->first()->hash;
}
Cookie::put($this->_cookieName, $hash, Config::get('remember/cookie_expiry'));
}
return true;
}
}
}
return false;
}
public function hasPermission($key) {
$group = $this->_db->get('groups', array('id', '=', $this->data()->group));
if($group->count()) {
$permissions = json_decode($group->first()->permissions, true);
if($permissions[$key] == true) {
return true;
}
}
return false;
}
public function exists() {
return (!empty($this->_data)) ? true : false;
}
public function logout() {
$this->_db->delete('users_session', array('user_id', '=', $this->data()->id));
Session::delete($this->_sessionName);
Cookie::delete($this->_cookieName);
}
public function data() {
return $this->_data;
}
public function isLoggedIn() {
return $this->_isLoggedIn;
}
}
?>
Maybe you are reading and setting different cookie. Change:
Cookie::put($this->_cookieName, $hash, Config::get('remember/cookie_expiry'));
To:
Cookie::put(Config::get('remember/cookie_name'), $hash, Config::get('remember/cookie_expiry'));
Related
I am using an OOP login/register system and I want to apply a session timeout, I've looked at alot of tutorials and all of them explain how to go about it using a normal login/register system only. here are some of my codes:
init.php
session_start();
$GLOBALS['config'] = array(
'mysql' => array(
'host' => '127.0.0.1',
'username' => 'root',
'password' => '',
'db' => 'database'
),
'remember' => array(
'cookie_name' => 'hash',
'cookie_expiry' => '604800'
),
'session' => array(
'session_name' => 'user',
'token_name' => 'token'
)
);
Below are my classes that deal with logging in
Session.php
class Session {
public static function exists($name){
return (isset($_SESSION[$name])) ? true : false;
}
public static function put($name, $value){
return $_SESSION[$name] = $value;
}
public static function get($name){
return $_SESSION[$name];
}
public static function delete($name){
if(self::exists($name)){
unset($_SESSION[$name]);
}
}
public static function flash($name, $string = ''){
if(self::exists($name)){
$session = self::get($name);
return $session;
}else{
self::put($name, $string);
}
}
}
User.php
class User{
private $_db,
$_data,
$_sessionName,
$_isLoggedIn;
public function __construct($user = null) {
$this->_db = DB::getInstance();
$this->_sessionName = Config::get('session/session_name');
if(!$user){
if(Session::exists($this->_sessionName)){
$user = Session::get($this->_sessionName);
if($this->find($user)){
$this->_isLoggedIn = true;
}else{
//process logout
}
}
}else{
$this->find($user);
}
}
public function user_password($password = null){
if($this->data()->password === Hash::make($password, $this->data()->salt)){
return true;
}
}
public function find($user = null){
if($user){
$field = (is_numeric($user)) ? 'user_id' : 'username';
$data = $this->_db->get('users', array($field, '=', $user));
if($data->count()){
$this->_data = $data->first();
return true;
}
}
return false;
}
public function login($username = null, $password = null){
$user = $this->find($username);
if($user){
if($this->data()->password === Hash::make($password, $this->data()->salt)){
//This palce is important, change the user_id to the name of the users' table primary key
Session::put($this->_sessionName, $this->data()->user_id);
return true;
}
}
return false;
}
public function hasPermission($key){
$group = $this->_db->get('groups', array('id', '=', $this->data()->group));
if($group->count()){
$permissions = json_decode($group->first()->permissions, true);
if($permissions[$key] == true){
return true;
}
}
return false;
}
public function logout(){
Session::delete($this->_sessionName);
}
public function data(){
return $this->_data;
}
public function isLoggedIn(){
return $this->_isLoggedIn;
}
}
You can add a $_SESSION['timeOfLogin'] = time(); if the login succeeds.
While performing any task you can check if the login is still valid to go on by sending $_SESSION['timeOfLogin'] to the following function
public function sessionIsValid($timeOfLogin){
//Lets say expiry is 1 day
$expiryTime=24*60*60;
//Get the current time
$currentTime = time();
// How much time user has spent
$timeDifference = $currentTime - timeOfLogin;
//If time spent is less than expiry then it is good to go
if($timeDifference < $expiryTime)
return true;
else
return false;
}
I would like to learn programming, so I downloaded a safe script built in OOP to manage the login and user registration, I would like to get their hands to learn this language through classes and objects.
The script is this: https://github.com/aguvasu/Secure-PHP-OOP-user-reg-login-system-with-Boostrap
I come down to it, my problem where I can not find solution is that I would like to create a page where member.php show the list of registered users (username, email, etc.), but do not know how to do.
The class User.php shows this:
class User {
private $_db, $_data, $_sessionName, $_cookieName, $_isLoggedIn;
function __construct($user = null) {
$this->_db = DB::getInstance();
$this->_sessionName = Config::get('session/session_name');
$this->_cookieName = Config::get('remember/cookie_name');
if (!$user) {
if (Session::exists($this->_sessionName)) {
$user = Session::get($this->_sessionName);
if ($this->find($user)) {
$this->_isLoggedIn = true;
} else {
//logout
}
}
} else {
$this->find($user);
}
}
public function find($user = null) {
if ($user) {
$field = (is_numeric($user)) ? 'id' : 'username' ;
$data = $this->_db->get('users', array($field, '=', $user));
if ($data->count()) {
$this->_data = $data->first();
return true;
}
}
return false;
}
public function create($fields = array()) {
if (!$this->_db->insert('users', $fields)) {
throw new Exception("Error Processing Request", 1);
}
}
public function login($username = null, $password = null, $remember = null) {
if (!$username && !$password && $this->exists()) {
Session::put($this->_sessionName, $this->data()->id);
} else {
$user = $this->find($username);
if ($user) {
if ($this->data()->password === Hash::make($password, $this->data()->salt)) {
Session::put($this->_sessionName, $this->data()->id);
if ($remember) {
$hash = Hash::unique();
$hashCheck = $this->_db->get('users_sessions', array('user_id', '=', $this->data()->id));
if (!$hashCheck->count()) {
$this->_db->insert('users_sessions', array(
'user_id' => $this->data()->id,
'hash' => $hash));
} else {
$hash = $hashCheck->first()->hash;
}
Cookie::put($this->_cookieName, $hash, Config::get('remember/cookie_expiry'));
}
return true;
}
}
}
return false;
}
public function update($fields = array(), $id = null) {
if (!$id && $this->isLoggedIn()) {
$id = $this->data()->id;
}
if (!$this->_db->update('users', $id, $fields)) {
Session::flash('uperr', 'We experienced an error while updating your profile');
Redirect::to('account.php');
exit();
}
}
public function hasPermission($key) {
$group = $this->_db->get('groups', array('id', '=', $this->data()->user_group));
if ($group->count()) {
$permissions = json_decode($group->first()->permissions, true);
if ($permissions[$key]) {
return true;
}
}
return false;
}
public function logout() {
$this->_db->delete('users_sessions', array('user_id', '=', $this->data()->id));
Session::delete($this->_sessionName);
Cookie::delete($this->_cookieName);
}
public function data() {
return $this->_data;
}
public function isLoggedIn()
{
return $this->_isLoggedIn;
}
public function exists() {
return (!empty($this->_data)) ? true : false ;
}
}
If I make a new user so lets say I have:
$user = new User(10);
According to my user.php class it should take that number and find the user with the id of 10 and store its data. So when I type:
$user->data();
I should get the first user with the id 10 data, but for some reason when I type $user->data() nothing happens.
Here is the class.
<?php
class User {
private $_db,
$_data,
$_sessionName,
$_cookieName,
$_isLoggedIn;
public function __construct($user = null){
$this->_db = DB::getInstance();
$this->_sessionName = Config::get('session/session_name');
$this->_cookieName = Config::get('remember/cookie_name');
if(!$user){
if(Session::exists($this->_sessionName)) {
$user = Session::get($this->_sessionName);
if($this->find($user)) {
$this->_isLoggedIn = true;
} else {
// process logout
}
} else {
$this->find($user);
}
}
}
public function update($fields = array(), $chosenfield = 'id', $id= null) {
if(!$id && $this->isLoggedIn()) {
$id = $this->data()->id;
}
if(!$this->_db->update('users', $chosenfield, $id, $fields)) {
throw new Exception('There was a problem updating.');
}
}
public function create($table,$fields = array()){
if(!$this->_db->insert($table, $fields)){
throw new Exception('There was a problem creating an account.');
}
}
public function find($user = null) {
if($user){
$field = (is_numeric($user)) ? 'id' : 'username';
$data = $this->_db->get('users', array($field, '=', $user));
if($data->count()) {
$this->_data = $data->first();
return true;
}
}
return false;
}
public function login($username = null, $password = null, $remember = false) {
if(!$username && !$password && $this->exists() === 'true') {
Session::put($this->_sessionName, $this->data()->id);
} else {
$user = $this->find($username);
if($user){
if($this->data()->password === Hash::make($password, $this->data()->salt)) {
Session::put($this->_sessionName, $this->data()->id);
if($remember){
$hash = Hash::unique();
$hashCheck = $this->_db->get('users_session', array('user_id', '=', $this->data()->id));
if(!$hashCheck->count()) {
$this->_db->insert('users_session',array(
'user_id' => $this->data()->id,
'hash' => $hash
));
} else {
$hash = $hashCheck->first()->hash;
}
Cookie::put($this->_cookieName, $hash, Config::get('remember/cookie_expiry'));
}
return true;
}
}
}
return false;
}
public function hasPermission($key) {
$group = $this->_db->get('groups', array('id', '=', $this->data()->group));
if($group->count()) {
$permissions = json_decode($group->first()->permissions, true);
if($permissions[$key] == true){
return true;
}
}
return false;
}
public function exists() {
return (!empty($this->_data)) ? true : false;
}
public function data(){
return $this->_data;
}
public function isLoggedIn(){
return $this->_isLoggedIn;
}
public function logout(){
$this->_db->delete('users_session', array('user_id' ,'=' , $this->data()->id));
Session::delete($this->_sessionName);
Cookie::delete($this->_cookieName);
}
}
I misread the code before, the problem is exactly what m_ulder said in his comment.
When you say this:
new User(10);
In the constructor, this statement is false
if (!$user)
and the code inside it never executes, which is all the code inside the function.
That is because $user is TRUE when $user is 10 -- or any other value.
I have the cookie set and can see it in the console. When I close the browser and re-open it, it shows the cookie is there still , but not the session. So I am trying to see why my code is not keeping the user logged in. I will provide all the files necessary below.
EDIT: I should elaborate on this a little. So when the user close's his/her browser the session should no longer be there, but the cookie should and it is. So once that happens I want to say okay since there is a cookie we will grab that user's cookie look it up in the db and retrieve their id. Then using that id from a sessions table look up the id from the users table and log that user in.
login.php:
<?php
require_once 'core/init.php';
if(Input::exists()) {
if(Token::check(Input::get('token'))) {
$validate = new Validate();
$validation = $validate->check($_POST,array(
'username' => array('required' => true),
'password' => array('required' => true)
));
if($validation->passed()) {
$user = new User();
$remember = (Input::get('remember') === 'on') ? true : false;
$login = $user->login(Input::get('username'), Input::get('password'), $remember);
if($login) {
Redirect::to('index.php');
} else {
echo '<p>Sorry, logging in failed</p>';
}
} else {
foreach($validation->errors() as $error) {
echo $error, '<br>';
}
}
}
}
?>
<form action="" method="post">
<div class="field">
<label for="username">Username</label>
<input type="text" name="username" id="username" autocomplete="off">
</div>
<div class="field">
<label for="password">Password</label>
<input type="password" name="password" id="password" autocomplete="off">
</div>
<div class="field">
<label for="remember">
<input type="checkbox" name="remember" id="remember">Remember Me
</label>
</div>
<input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
<input type="submit" value="Log In">
</form>
init.php:
<?php
session_start();
$GLOBALS['config'] = array(
'mysql' => array(
'host' => '127.0.0.1',
'username' => 'root',
'password' => 'root',
'db' => 'register_login'
),
'remember' => array(
'cookie_name' => 'hash',
'cookie_expiry' => 604800
),
'session' => array(
'session_name' => 'user',
'token_name' => 'token'
)
);
spl_autoload_register(function($class) {
require_once 'classes/' . $class . '.php';
});
require_once 'functions/sanitize.php';
if(Cookie::exists(Config::get('remember/cookie_name')) && !Session::exists(Config::get('session/session_name'))) {
$hash = Cookie::get(Config::get('remember/cookie_name'));
$hashCheck = DB::getInstance()->get('users_session', array('hash', '=', $hash));
if($hashCheck->count()) {
$user = new User($hashCheck->first()->user_id);
$user->login();
}
}
?>
User.php: In this file under the public function login I put echo 'ok', and echo 'not ok' to see if my if was passing and I am getting 'no ok', so the if is not passing true. So my best guess is that $this->exists() is passing false. It should not be passing false though.
<?php
class User {
private $_db,
$_data,
$_sessionName,
$_cookieName,
$_isLoggedIn;
public function __construct($user = null){
$this->_db = DB::getInstance();
$this->_sessionName = Config::get('session/session_name');
$this->_cookieName = Config::get('remember/cookie_name');
if(!$user){
if(Session::exists($this->_sessionName)) {
$user = Session::get($this->_sessionName);
if($this->find($user)) {
$this->_isLoggedIn = true;
} else {
}
} else {
$this->find($user);
}
}
}
public function create($table,$fields = array()){
if(!$this->_db->insert($table, $fields)){
throw new Exception('There was a problem creating an account.');
}
}
public function find($user = null) {
if($user){
$field = (is_numeric($user)) ? 'id' : 'username';
$data = $this->_db->get('users', array($field, '=', $user));
if($data->count()) {
$this->_data = $data->first();
return true;
}
}
return false;
}
public function login($username = null, $password = null, $remember = false) {
if(!$username && !$password && $this->exists()) {
echo 'Ok';
//Session::put($this->_sessionName, $this->data()->id);
} else {
echo 'no ok';
$user = $this->find($username);
if($user){
if($this->data()->password === Hash::make($password, $this->data()->salt)) {
Session::put($this->_sessionName, $this->data()->id);
if($remember){
$hash = Hash::unique();
$hashCheck = $this->_db->get('users_session', array('user_id', '=', $this->data()->id));
if(!$hashCheck->count()) {
$this->_db->insert('users_session',array(
'user_id' => $this->data()->id,
'hash' => $hash
));
} else {
$hash = $hashCheck->first()->hash;
}
Cookie::put($this->_cookieName, $hash, Config::get('remember/cookie_expiry'));
}
return true;
}
}
}
return false;
}
public function exists() {
return (!empty($this->_data)) ? true: false;
}
public function data(){
return $this->_data;
}
public function isLoggedIn(){
return $this->_isLoggedIn;
}
public function logout(){
$this->_db->delete('users_session', array('user_id' ,'=' , $this->data()->id));
Session::delete($this->_sessionName);
Cookie::delete($this->_cookieName);
}
}
Session.php:
<?php
class Session {
public static function exists($name) {
return(isset($_SESSION[$name])) ? true : false;
}
public static function put($name, $value) {
return $_SESSION[$name] = $value;
}
public static function get($name) {
return $_SESSION[$name];
}
public static function delete($name) {
if(self::exists($name)) {
unset($_SESSION[$name]);
}
}
public static function flash($name, $string = '') {
if(self::exists($name)){
$session = self::get($name);
self::delete($name);
return $session;
} else {
self::put($name, $string);
}
}
}
I've been following a tutorial about OOP programming. And I got this class named User:
class User {
private $_db,
$_data,
$_sessionName,
$_isLoggedIn;
public function __construct($user = null) {
$this->_db = DB::getInstance();
$this->_sessionName = Config::get('session/session_name');
if (!$user) {
if (Session::exists($this->_sessionName)) {
$user = Session::get($this->_sessionName);
if ($this->find($user)) {
$this->_isLoggedIn = true;
} else {
// Process logout
}
}
} else {
$this->find($user);
}
}
public function update($fields = array(), $id = null) {
if (!$id && $this->isLoggedIn()) {
$id = $this->data()->id;
}
if (!$this->_db->update('users', $id, $fields)) {
throw new Exception('De gegevens konden niet gewijzigd worden');
}
}
public function create($fields = array()) {
if (!$this->_db->insert('users', $fields)) {
throw new Exception('Het account is niet aangemaakt');
}
}
public function find($user = null) {
if ($user) {
$field = (is_numeric($user)) ? 'id' : 'email';
$data = $this->_db->get('users', array($field, '=', $user));
if ($data->count()) {
$this->_data = $data->first();
return true;
}
}
}
public function login($email = null, $password = null) {
$user = $this->find($email);
if ($user) {
if ($this->data()->password === hash::make($password)) {
session::put($this->_sessionName, $this->data()->id);
return true;
}
}
return false;
}
public function logout() {
session::delete($this->_sessionName);
}
public function hasPermission($key) {
$group = $this->_db->get('user_role', array('id', '=', $this->data()->rank));
if ($group->count()) {
$permissions = json_decode($group->first()->permission, true);
if ($permissions[$key] == true) {
return true;
}
}
return false;
}
public function data() {
return $this->_data;
}
public function isLoggedIn() {
return $this->_isLoggedIn;
}
}
Each user has different quicklinks stored in the database. I tried to extend the class User with class Link like this:
class Link extends User {
public static function getUserLinks($user) {
if ($user) {
$data = $this->_db->get('user_links', array('uid', '=', $user));
if ($data->count()) {
$this->_data = $data->results();
return $this->_data;
} else {
echo 'No matches found';
}
}
return false;
}
But I get an error message :
Fatal error: Using $this when not in object context in ... on line 153
I thought that when extending a class I can access all the parents details?
What am I doing wrong? Also, is my logic correct behind class Link extends User?
Thanks for the help.
you are trying to access the class pointer within a static method, that's impossible since static methods belongs to the class itself and not to the instance.
you could have a static property that will hold your instance, then you could do that like so: (You'll have to make sure you got an instance of Link)
class Link extends User {
public static $instance;
public function __construct() {
parent::__construct();
self::$instance = $this;
}
public static function getUserLinks($user) {
if (self::$instance instanceof Link && $user) {
$data = self::$instance->_db->get('user_links', array('uid', '=', $user));
if ($data->count()) {
self::$instance->_data = $data->results();
return self::$instance->_data;
} else {
echo 'No matches found';
}
}
return false;
}
}